Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVulDBCVELIST:CVE-2024-7659
HistoryAug 11, 2024 - 2:31 a.m.

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

2024-08-1102:31:04
CWE-330
VulDB
www.cve.org
3
projectsend
password reset token
vulnerability
functions.php
insufficiently random values
remote attack
upgrade.

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

41.1%

JSON

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "projectsend",
    "versions": [
      {
        "version": "r1605",
        "status": "affected"
      }
    ],
    "modules": [
      "Password Reset Token Handler"
    ]
  }
]

Related

vulnrichment 1
cve 1
osv 1
nvd 1
vulnrichment
vulnrichment
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
2024-08-11 02:31:04
cve
cve
CVE-2024-7659
2024-08-12 13:38:49
osv
osv
CVE-2024-7659
2024-08-12 13:38:49
nvd
nvd
CVE-2024-7659
2024-08-12 13:38:49

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

41.1%

JSON
Related for CVELIST:CVE-2024-7659
vulnrichment1cve1osv1nvd1